Applications Azure

NATS 2 on Ubuntu 24.04 on Azure User Guide

| Product: NATS 2 on Ubuntu 24.04 LTS on Azure

Overview

NATS is the high-performance distributed messaging system originally developed at Apcera and now a CNCF graduated project. The cloudimg image installs the latest NATS 2.x server (single Go binary, ~20MB resident) with JetStream enabled and a per-VM rotating cloudimg/admin password.

What is included:

  • NATS 2.x single Go binary at /usr/local/bin/nats-server
  • JetStream persistence enabled (file storage at /var/lib/nats/jetstream)
  • Client port 4222, monitoring HTTP 8222 (JSON endpoints /varz /connz /subsz etc.), cluster route 6222
  • Per-VM cloudimg user password rotated at firstboot via openssl rand -hex 16
  • Auth required — anonymous connections rejected
  • nats.service running as nats:nats
  • 24/7 cloudimg support

Prerequisites

Active Azure subscription, SSH key, VNet + subnet. Recommended Standard_B2s (NATS is famously efficient).

Step 1-3: Deploy + SSH (standard pattern)

ssh azureuser@<vm-ip>
sudo systemctl status nats.service --no-pager

nats.service active (running) with client port 4222, monitoring 8222, cluster 6222

Step 4: Retrieve the Password

sudo cat /stage/scripts/nats-credentials.log
curl -fsS http://localhost:8222/varz | head -10

Per-VM cloudimg/<NATS_PASSWORD>; /varz monitoring endpoint reports version 2.12.7 + auth_required:true

Step 5: Pub/Sub Round-Trip

NATS protocol is plain-text — you can do a round trip with bash and /dev/tcp alone:

PASS=$(sudo grep '^NATS_PASSWORD=' /stage/scripts/nats-credentials.log | cut -d= -f2-)

# Subscribe (run in one terminal)
exec 3<>/dev/tcp/localhost/4222
printf 'CONNECT {"user":"cloudimg","pass":"'"${PASS}"'"}\r\n' >&3
printf 'SUB hello 1\r\n' >&3
cat <&3

In another terminal: printf 'PUB hello 5\r\nworld\r\n' | bash -c 'exec 3<>/dev/tcp/localhost/4222 && cat >&3'. The first terminal will print MSG hello 1 5\nworld.

For real applications use the official client libraries (Go, Java, JavaScript, Python, Rust, .NET).

Pub/sub round trip via raw TCP — SUB on subject hello, MSG payload world received

Step 6: Components

Component Path
Binary /usr/local/bin/nats-server
Config /etc/nats/nats-server.conf
JetStream /var/lib/nats/jetstream/
Systemd unit /etc/systemd/system/nats.service
Firstboot /usr/local/sbin/nats-firstboot.sh
Credentials /stage/scripts/nats-credentials.log (mode 0600) 
/usr/local/bin/nats-server --version

NATS Server v2.12.7; nats-server.conf with JetStream enabled and per-VM rotated cloudimg password

Step 7: Security

  • Restrict NSG so 4222 only reaches your client networks
  • Enable TLS with tls { cert_file: ..., key_file: ... } in nats-server.conf
  • Migrate to NSC accounts for fine-grained per-application JWT auth
  • Patch monthly with apt-get update && apt-get upgrade && reboot

Step 8: Support and Licensing

NATS is Apache 2.0 — free. cloudimg provides commercial support separately.

  • Email: support@cloudimg.co.uk
  • Support hours: 24/7, 24h response SLA

Deploy on Azure

Launch NATS 2 with 24/7 support from cloudimg. View on Marketplace.